CHAPTER 10
Secure Sockets
AT&T has provided the United States National Security Agency with full access to all
of its customers' Internet traffic by copying packets to data-mining equipment installed
in secret rooms in its switching centers.¹ Britain's GCHQ taps into the fiber-optic cables
that carry most of the world's phone calls and Internet traffic.² In Sweden, the National
Defence Radio Establishment requires fiber-optic cable owners to install fiber mirroring
equipment on their premises. And this is just a small sampling of the government-sponsored
eavesdropping we know about.

As an Internet user, you do have defenses against snooping bureaucrats. To make Internet
connections more fundamentally secure, sockets can be encrypted. This allows
transactions to be confidential, authenticated, and accurate.

However, encryption is a complex subject. Performing it properly requires a detailed
understanding not only of the mathematical algorithms used to encrypt data, but also
of the protocols used to exchange keys and encrypted data. Even a small mistake can
open a large hole in your armor and reveal your communications to an eavesdropper.
Consequently, writing encryption software is a task best left to experts. Fortunately,
nonexperts with only a layperson's understanding of the underlying protocols and
algorithms can secure their communications with software designed by experts. Every
time you order something from an online store, chances are the transaction is encrypted
and authenticated using protocols and algorithms you need to know next to nothing
about. As a programmer who wants to write network client software that talks to online
stores, you need to know a little more about the protocols and algorithms involved, but
not a lot more, provided you can use a class library written by experts who do understand
the details. If you want to write the server software that runs the online store, you need

1. Ryan Singel, “Whistle-Blower Outs NSA Spy Room,” Wired, April 7, 2006.
2. Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies, and James Ball, “GCHQ taps fibre-optic cables
for secret access to world's communications,” The Guardian, June 21, 2013.
 